|
Full Disclosure
mailing list archives
Re: Google Talk cleartext credentials in process memory
From: 6ackpace <6ackpace () gmail com>
Date: Tue, 29 Nov 2005 15:32:48 +0530
Hi,
If i am right Google Talk Beta Messenger cleartext credentials in process
memory still exist on the current version.
googles answer for this issue:
plain char -> hex char
6ackpace
On 11/29/05, Jaroslaw Sajko <sloik () parareal net> wrote:
pagvac wrote:
Title: Google Talk Beta Messenger cleartext credentials in process
memory
Description
Google Talk stores all user credentials (username and password) in
clear-text in the process memory. Such vulnerability was found on
August 25, 2005 (two days after the release of Google Talk) and has
already been patched by Google.
This issue would occur regardless of whether the "Save Password"
feature was enabled or not.
The same issue concerns many applications, ie. Gadu-Gadu - another
instant messenger. In my opinion such "vulnerabilities" are not worthy
publishing (for Gadu-Gadu we have not published this kind of software
behaviour) because if you can dump other user process or trick him to
execute any code then reading the password from the process memory is
only one of many things which you can do.
regards,
js
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
